Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-1334

Jenkins CSB Security hardenings for ESS compliance (due 2022-04-29)

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Critical Critical
    • OSSM 2.2.0
    • None
    • QE
    • Sprint 51

      Dear Jenkins CSB users,

      The D&O team have compiled a 5 step procedure for each instance to
      complete in order for that instance to reach a compliance with
      Enterprise Security Standard - ESSv9 (Product Security requirement).

      These are the remaining steps that cannot be remediated on the service
      side, so we are asking all CSB Jenkins admins for action on their side.

      Please make an effort to complete this by 2022-04-29, which is a hard
      deadline for item #1 in that list. In case of questions or feedback,
      please use the JIRA tickets associated with each documented step.

      [1]
      https://docs.google.com/document/d/16eOoS8za2mUjVMiQlyUle-8PPOjLBgQn3xUfmzCybn8/edit#
      [2]
      https://source.redhat.com/departments/it/it-information-security/wiki/enterprise_security_standard_80_essv8

        1.
        		 Switch to IPA.REDHAT.COM Kerberos realm Sub-task Closed Undefined Filip Brychta
        2.
        		 Enable Kerberos SSO plugin Sub-task Closed Undefined Filip Brychta
        3.
        		 Reduce authorized groups for support personnel Sub-task Closed Undefined Filip Brychta
        4.
        		 Reduce user admin groups Sub-task Closed Undefined Filip Brychta
        5.
        		 Switch to per-team UMB certificate Sub-task Closed Critical Filip Brychta

            fbrychta@redhat.com Filip Brychta
            fbrychta@redhat.com Filip Brychta
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: